I track people who are disrupting the world of mobile technology. Non-conformists, innovators and agitators are this blog's unsung heroes, from entrepreneurs to scientists, to rebellious hackers. I'm the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency", (Little Brown, 2012) which The New York Times called a "lively, startling book that reads as 'The Social Network' for group hackers." I recently relocated to Forbes' San Francisco office, and was previously Forbes' London bureau chief from 2008-12, interviewing British billionaires like Philip Green and controversial figures like Mohammed Al Fayed; I wrote last year's billionaires cover story on Russia's Yuri Milner, and have broken stories like the Facebook-Spotify partnership in 2011. Before all this I had stints at the BBC and as a radio journalist. You can watch me on 'The Daily Show' here. If you have a story idea or tip, e-mail me at polson@forbes.com or follow me on Twitter: parmy.

Now Anyone Can Hack A Website Thanks To Clever, Free Programs

Some 88% of all SQL injection attacks between January and March of this year were carried out by either Havij or sqlmap, according to new research from Imperva, with the majority of attacks using Havij. The name, incidentally, is Farsi for “carrot,” and charmingly used as slang for male genitalia. “Somebody somewhere tried to have a sense of humor,” Rachwald says dryly.

Sqlmap, also free and billed as an off-the-shelf penetration-testing tool, uses a command-line interface and requires a little more programming experience to use. But it can also automate the process of taking private data.

Sometimes attackers won’t know whether a site is vulnerable or not. But (surprise) that problem is also easily solved with more automated tools like Acunetix and Nikto. Acunetix, which is marketed to organizations that want to test their own websites for vulnerabilities, offers a free version on its site, while Nikto is open source and also freely available. Once downloaded, either program can quickly scan a site for security holes, before something like Havij comes in to mine the spoils.
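As an added example (not from the article or from Imperva), here is a defender-side check for the automated tools the piece describes: a small Python triage over constructed web-server access-log lines that flags sources by the default User-Agent strings sqlmap and Nikto send, by a commonly reported Havij request marker (an assumption to tune against your own traffic), by SQL-injection-shaped query strings, and by the request volume that separates a tool from a person.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Combined log format: ip - - [ts] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

# sqlmap and Nikto announce themselves in the User-Agent by default; the hex
# literal is a widely reported Havij request artefact (assumption: tune to your traffic).
TOOL_UA = re.compile(r'sqlmap|havij|nikto', re.I)
SQLI_PAYLOAD = re.compile(
    r"union\s+(all\s+)?select|'\s*(or|and)\s+\S+=|0x31303235343830303536|sleep\(|benchmark\(",
    re.I)

def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, ua = m.groups()
    return {"ip": ip, "ts": ts, "method": method,
            "path": unquote_plus(path), "status": int(status), "ua": ua}

def classify(rec):
    """Per-request reasons: tool fingerprint in the UA and/or injection-shaped query."""
    reasons = []
    if TOOL_UA.search(rec["ua"]):
        reasons.append("tool-ua")
    if SQLI_PAYLOAD.search(rec["path"]):
        reasons.append("sqli-payload")
    return reasons

def flag_sources(lines, volume_threshold=5):
    """Return {ip: sorted reasons} for sources that look like automated SQLi or scanning."""
    hits, suspicious = defaultdict(set), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            hits[rec["ip"]].update(reasons)
            suspicious[rec["ip"]] += 1
    for ip, n in suspicious.items():
        if n >= volume_threshold:           # many suspicious hits in a row: a tool, not a hand
            hits[ip].add("high-volume")
    return {ip: sorted(r) for ip, r in hits.items()}

SAMPLE_LOG = [  # constructed lines for this example, not real traffic
    f'203.0.113.5 - - [01/Jun/2012:10:00:{i:02d} +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL,{i} HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"'
    for i in range(5)
] + [
    '198.51.100.7 - - [01/Jun/2012:10:01:00 +0000] "GET /item.php?id=1%27%20and%200x31303235343830303536=1 HTTP/1.1" 500 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '192.0.2.9 - - [01/Jun/2012:10:02:00 +0000] "GET /item.php?id=42 HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, why in flag_sources(SAMPLE_LOG).items():
        print(ip, why)
```

The User-Agent check only catches tools left at their defaults, so the payload and volume signals are what remain once an attacker changes the header.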

In late 2010, Anonymous grabbed headlines for launching so-called DDoS attacks on PayPal and MasterCard, spamming them with junk traffic which (largely thanks to botnets) knocked them temporarily offline. Fast-forward to a year and a half later and those kinds of stunts don’t make as much noise anymore. That’s why Anonymous and its various offshoots have shifted their focus to stealing data.

“If you really want to hurt a company you expose their data,” says Rachwald, adding that two-thirds of the attacks on 30 web applications (websites) that Imperva had tracked over the last three months were automated. He’s also noticed increased discussion about Havij on hacker forums.

This might explain another recent statistic. The majority — or 61% — of IT security professionals are worried about future attacks from Anonymous and hacktivists, according to survey results released earlier this week by cyber security company Bit9. Anonymous came top of the list of attackers they thought were most likely to target their organization, followed by “cyber criminals” and “nation states.” The professionals aren’t worried about the malicious spammers and veteran cyber thieves as much as they are about the teenager or 20-something next door who’s just learned how to use a free hacking tool.

The rise of armchair hackers like these is just another example of how new online tools have made skills that once took years to master far more accessible. Websites can still protect themselves from these guys, but there will certainly be more of them.



Data leaking. For children there are all-in-one tools: maxisploit etc. This is the kiddie combine: search-engine dork scanner with parameters -> list of vuln sites -> exploit tools -> dumping. With proxy support and more features. Hacking is not a craft, hacking is art. Huh, Armitage for Metasploit is the true hacking tool everywhere, a powerful tool for dummies, lol.



I have your book on my Kindle. Perhaps you can help me with a problem. My wife and I are retired and live in Dominica (not the Dominican Republic) which is mistreated by LIAT Airline. LIAT overbooked my wife, costing us US$320 to rearrange connecting flights. LIAT Customer Relations will not even reply to us. Look up LIAT on the Web, even Wikipedia, and you will see how bad it is. This (if you care to read it) is our story: http://www.dan-ruth-tanner.com/LIAT_mistreatment.pdf and this is another: http://dominicavibes.dm/content/take-ownership-liat-dominican-hotelier-advises/ Can you help me find a way to suitably punish LIAT by taking its web site down until they straighten up and fly right?